实战多vpn-instance实例之OSPF典型组网案例,实战多vpn-instance实例之OSPF典型组网案例
实战多vpn-instance实例之OSPF典型组网案例,实战多vpn-instance实例之OSPF典型组网案例4、SW1与SW2之间的互联采用trunk,仅允许互联的VLAN互通。3、创建多实例OSPF,并发布业务地址实现互通vpn-nrt规划如下:1、分别在SW1和SW2创建VPN实例2、根据组网说明将各业务地址、互联地址、loopback绑定到vpn实例
组网及说明
网络拓扑图如下:
业务地址、互联地址、Loopback地址如拓扑图所示。其中VLAN 10、VLAN 100属于vpn-rt中,VLAN 20、VLAN 200属于vpn-nrt实例中,另外SW1与SW2之间的互联采用trunk,互联的VLAN使用VLAN 400(绑定到vpn-rt)和VLAN 500(绑定到vpn-nrt),全网采用多VPN实例OSPF互联互通,不通VPN实例的业务地址不能互通。
vpn-rt规划如下:
- RD:100:1
- RT:100:1
vpn-nrt规划如下:
- RD:200:1
- RT:200:1
配置步骤
1、分别在SW1和SW2创建VPN实例
2、根据组网说明将各业务地址、互联地址、loopback绑定到vpn实例
3、创建多实例OSPF,并发布业务地址实现互通
4、SW1与SW2之间的互联采用trunk,仅允许互联的VLAN互通。
配置关键点
SW1:
[H3C]sysnameSW1
#创建vpn-rt实例,并配置RD值和RT值
[SW1]ipvpn-instancevpn-rt
[SW1-vpn-instance-vpn-rt]route-distinguisher100:1
[SW1-vpn-instance-vpn-rt]vpn-target100:1
[SW1-vpn-instance-vpn-rt]vpn-target100:1
[SW1-vpn-instance-vpn-rt]quit
#创建vpn-nrt实例,并配置RD值和RT值
[SW1]ipvpn-instancevpn-nrt
[SW1-vpn-instance-vpn-nrt]route-distinguisher200:1
[SW1-vpn-instance-vpn-nrt]vpn-target200:1
[SW1-vpn-instance-vpn-nrt]quit
[SW1]intLoopBack0
[SW1-LoopBack0]ipbindingvpn-instancevpn-rt//将Loopback0绑定到vpn-rt
Someconfigurationsontheinterfaceareremoved.
[SW1-LoopBack0]ipaddress1.1.1.132
[SW1-LoopBack0]quit
[SW1]intLoopBack1
[SW1-LoopBack1]ipbindingvpn-instancevpn-nrt//将Loopback1绑定到vpn-nrt
Someconfigurationsontheinterfaceareremoved.
[SW1-LoopBack1]ipaddress1.1.1.132
[SW1-LoopBack1]quit
[SW1]vlan10
[SW1-vlan10]quit
[SW1]vlan20
[SW1-vlan20]quit
[SW1]vlan400
[SW1-vlan400]quit
[SW1]vlan500
[SW1-vlan500]quit
[SW1]intvlan10
[SW1-Vlan-interface10]ipbindingvpn-instancevpn-rt//将VLAN10绑定到vpn-rt
Someconfigurationsontheinterfaceareremoved.
[SW1-Vlan-interface10]ipaddress192.168.10.124
[SW1-Vlan-interface10]quit
[SW1]intvlan20
[SW1-Vlan-interface20]ipbindingvpn-instancevpn-nrt//将VLAN20绑定到vpn-nrt
Someconfigurationsontheinterfaceareremoved.
[SW1-Vlan-interface20]ipaddress192.168.20.124
[SW1-Vlan-interface20]quit
[SW1]intvlan400
[SW1-Vlan-interface400]ipbindingvpn-instancevpn-rt//将VLAN400绑定到vpn-rt
Someconfigurationsontheinterfaceareremoved.
[SW1-Vlan-interface400]description
[SW1-Vlan-interface400]ipaddress10.0.0.130
[SW1-Vlan-interface400]quit
[SW1]intvlan500
[SW1-Vlan-interface500]ipbindingvpn-instancevpn-nrt//将VLAN500绑定到vpn-nrt
Someconfigurationsontheinterfaceareremoved.
[SW1-Vlan-interface500]description
[SW1-Vlan-interface500]ipaddress10.0.0.130
[SW1-Vlan-interface500]quit
[SW1]
[SW1]intgi1/0/2
[SW1-GigabitEthernet1/0/2]portlink-typeaccess
[SW1-GigabitEthernet1/0/2]portaccessvlan10
[SW1-GigabitEthernet1/0/2]quit
[SW1]intgi1/0/3
[SW1-GigabitEthernet1/0/3]portlink-typeaccess
[SW1-GigabitEthernet1/0/3]portaccessvlan20
[SW1-GigabitEthernet1/0/3]quit
[SW1]
[SW1]intgi1/0/1
[SW1-GigabitEthernet1/0/1]description
[SW1-GigabitEthernet1/0/1]portlink-typetrunk
[SW1-GigabitEthernet1/0/1]undoporttrunkpermitvlan1
[SW1-GigabitEthernet1/0/1]porttrunkpermitvlan400500
[SW1-GigabitEthernet1/0/1]quit
[SW1]ospf10vpn-instancevpn-rtrouter-id1.1.1.1//将OSPF10绑定到vpn-rt
[SW1-ospf-10]area0.0.0.0
[SW1-ospf-10-area-0.0.0.0]network10.0.0.10.0.0.0
[SW1-ospf-10-area-0.0.0.0]network1.1.1.10.0.0.0
[SW1-ospf-10-area-0.0.0.0]network192.168.10.00.0.0.255
[SW1-ospf-10-area-0.0.0.0]quit
[SW1-ospf-10]quit
[SW1]ospf20vpn-instancevpn-nrtrouter-id1.1.1.1//将OSPF20绑定到vpn-nrt
[SW1-ospf-20]area0.0.0.0
[SW1-ospf-20-area-0.0.0.0]network10.0.0.10.0.0.0
[SW1-ospf-20-area-0.0.0.0]network1.1.1.10.0.0.0
[SW1-ospf-20-area-0.0.0.0]network192.168.20.00.0.0.255
[SW1-ospf-20-area-0.0.0.0]quit
[SW1-ospf-20]quit
SW2:
[H3C]sysnameSW2
[SW2]ipvpn-instancevpn-rt
[SW2-vpn-instance-vpn-rt]route-distinguisher100:1
[SW2-vpn-instance-vpn-rt]vpn-target100:1
[SW2-vpn-instance-vpn-rt]quit
[SW2]ipvpn-instancevpn-nrt
[SW2-vpn-instance-vpn-nrt]route-distinguisher200:1
[SW2-vpn-instance-vpn-nrt]vpn-target200:1
[SW2-vpn-instance-vpn-nrt]quit
[SW2]intLoopBack0
[SW2-LoopBack0]ipbindingvpn-instancevpn-rt
Someconfigurationsontheinterfaceareremoved.
[SW2-LoopBack0]ipaddress2.2.2.232
[SW2-LoopBack0]quit
[SW2]intLoopBack1
[SW2-LoopBack1]ipbindingvpn-instancevpn-nrt
Someconfigurationsontheinterfaceareremoved.
[SW2-LoopBack1]ipaddress2.2.2.232
[SW2-LoopBack1]quit
[SW2]vlan100
[SW2-vlan100]quit
[SW2]vlan200
[SW2-vlan200]quit
[SW2]vlan400
[SW2-vlan400]quit
[SW2]vlan500
[SW2-vlan500]quit
[SW2]intvlan100
[SW2-Vlan-interface100]ipbindingvpn-instancevpn-rt
Someconfigurationsontheinterfaceareremoved.
[SW2-Vlan-interface100]ipaddress172.16.20.124
[SW2-Vlan-interface100]quit
[SW2]intvlan200
[SW2-Vlan-interface200]ipbindingvpn-instancevpn-nrt
Someconfigurationsontheinterfaceareremoved.
[SW2-Vlan-interface200]ipaddress172.16.10.124
[SW2-Vlan-interface200]quit
[SW2]intvlan400
[SW2-Vlan-interface400]ipbindingvpn-instancevpn-rt
Someconfigurationsontheinterfaceareremoved.
[SW2-Vlan-interface400]description
[SW2-Vlan-interface400]ipaddress10.0.0.230
[SW2-Vlan-interface400]quit
[SW2]intvlan500
[SW2-Vlan-interface500]ipbindingvpn-instancevpn-nrt
Someconfigurationsontheinterfaceareremoved.
[SW2-Vlan-interface500]description
[SW2-Vlan-interface500]ipaddress10.0.0.230
[SW2-Vlan-interface500]quit
[SW2]intgi1/0/2
[SW2-GigabitEthernet1/0/2]portlink-typeaccess
[SW2-GigabitEthernet1/0/2]portaccessvlan100
[SW2-GigabitEthernet1/0/2]quit
[SW2]intgi1/0/3
[SW2-GigabitEthernet1/0/3]portlink-typeaccess
[SW2-GigabitEthernet1/0/3]portaccessvlan200
[SW2-GigabitEthernet1/0/3]quit
[SW2]intgi1/0/1
[SW2-GigabitEthernet1/0/1]description
[SW2-GigabitEthernet1/0/1]portlink-typetrunk
[SW2-GigabitEthernet1/0/1]undoporttrunkpermitvlan1
[SW2-GigabitEthernet1/0/1]porttrunkpermitvlan400500
[SW2-GigabitEthernet1/0/1]quit
[SW2]ospf1vpn-instancevpn-rtrouter-id2.2.2.2
[SW2-ospf-1]area0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network10.0.0.20.0.0.0
[SW2-ospf-1-area-0.0.0.0]network2.2.2.20.0.0.0
[SW2-ospf-1-area-0.0.0.0]network172.16.20.00.0.0.255
[SW2-ospf-1-area-0.0.0.0]quit
[SW2-ospf-1]quit
[SW2]ospf2vpn-instancevpn-nrtrouter-id2.2.2.2
[SW2-ospf-2]area0.0.0.0
[SW2-ospf-2-area-0.0.0.0]network10.0.0.20.0.0.0
[SW2-ospf-2-area-0.0.0.0]network2.2.2.20.0.0.0
[SW2-ospf-2-area-0.0.0.0]network172.16.10.00.0.0.255
[SW2-ospf-2-area-0.0.0.0]quit
[SW2-ospf-2]quit
查看OSPF邻居状态:
disospfpeer
OSPFProcess10withRouterID1.1.1.1
NeighborBriefInformation
Area:0.0.0.0
RouterIDAddressPriDead-TimeStateInterface
2.2.2.210.0.0.2137Full/BDRVlan400
OSPFProcess20withRouterID1.1.1.1
NeighborBriefInformation
Area:0.0.0.0
RouterIDAddressPriDead-TimeStateInterface
2.2.2.210.0.0.2135Full/BDRVlan500
[SW2]disospfpeer
OSPFProcess1withRouterID2.2.2.2
NeighborBriefInformation
Area:0.0.0.0
RouterIDAddressPriDead-TimeStateInterface
1.1.1.110.0.0.1137Full/DRVlan400
OSPFProcess2withRouterID2.2.2.2
NeighborBriefInformation
Area:0.0.0.0
RouterIDAddressPriDead-TimeStateInterface
1.1.1.110.0.0.1138Full/DRVlan500
[SW2]
查看VPN路由表是否已学习到对端的VPN路由:
disiprouting-tablevpn-instancevpn-rt
Destinations:19Routes:19
Destination/MaskProtoPreCostNextHopInterface
0.0.0.0/32Direct00127.0.0.1InLoop0
1.1.1.1/32Direct00127.0.0.1InLoop0
2.2.2.2/32O_INTRA10110.0.0.2Vlan400
10.0.0.0/30Direct0010.0.0.1Vlan400
10.0.0.0/32Direct0010.0.0.1Vlan400
10.0.0.1/32Direct00127.0.0.1InLoop0
10.0.0.3/32Direct0010.0.0.1Vlan400
127.0.0.0/8Direct00127.0.0.1InLoop0
127.0.0.0/32Direct00127.0.0.1InLoop0
127.0.0.1/32Direct00127.0.0.1InLoop0
127.255.255.255/32Direct00127.0.0.1InLoop0
172.16.20.0/24O_INTRA10210.0.0.2Vlan400
192.168.10.0/24Direct00192.168.10.1Vlan10
192.168.10.0/32Direct00192.168.10.1Vlan10
192.168.10.1/32Direct00127.0.0.1InLoop0
192.168.10.255/32Direct00192.168.10.1Vlan10
224.0.0.0/4Direct000.0.0.0NULL0
224.0.0.0/24Direct000.0.0.0NULL0
255.255.255.255/32Direct00127.0.0.1InLoop0
disiprouting-tablevpn-instancevpn-nrt
Destinations:19Routes:19
Destination/MaskProtoPreCostNextHopInterface
0.0.0.0/32Direct00127.0.0.1InLoop0
1.1.1.1/32Direct00127.0.0.1InLoop0
2.2.2.2/32O_INTRA10110.0.0.2Vlan500
10.0.0.0/30Direct0010.0.0.1Vlan500
10.0.0.0/32Direct0010.0.0.1Vlan500
10.0.0.1/32Direct00127.0.0.1InLoop0
10.0.0.3/32Direct0010.0.0.1Vlan500
127.0.0.0/8Direct00127.0.0.1InLoop0
127.0.0.0/32Direct00127.0.0.1InLoop0
127.0.0.1/32Direct00127.0.0.1InLoop0
127.255.255.255/32Direct00127.0.0.1InLoop0
172.16.10.0/24O_INTRA10210.0.0.2Vlan500
192.168.20.0/24Direct00192.168.20.1Vlan20
192.168.20.0/32Direct00192.168.20.1Vlan20
192.168.20.1/32Direct00127.0.0.1InLoop0
192.168.20.255/32Direct00192.168.20.1Vlan20
224.0.0.0/4Direct000.0.0.0NULL0
224.0.0.0/24Direct000.0.0.0NULL0
255.255.255.255/32Direct00127.0.0.1InLoop0
[SW2]disiprouting-tablevpn-instancevpn-rt
Destinations:19Routes:19
Destination/MaskProtoPreCostNextHopInterface
0.0.0.0/32Direct00127.0.0.1InLoop0
1.1.1.1/32O_INTRA10110.0.0.1Vlan400
2.2.2.2/32Direct00127.0.0.1InLoop0
10.0.0.0/30Direct0010.0.0.2Vlan400
10.0.0.0/32Direct0010.0.0.2Vlan400
10.0.0.2/32Direct00127.0.0.1InLoop0
10.0.0.3/32Direct0010.0.0.2Vlan400
127.0.0.0/8Direct00127.0.0.1InLoop0
127.0.0.0/32Direct00127.0.0.1InLoop0
127.0.0.1/32Direct00127.0.0.1InLoop0
127.255.255.255/32Direct00127.0.0.1InLoop0
172.16.20.0/24Direct00172.16.20.1Vlan100
172.16.20.0/32Direct00172.16.20.1Vlan100
172.16.20.1/32Direct00127.0.0.1InLoop0
172.16.20.255/32Direct00172.16.20.1Vlan100
192.168.10.0/24O_INTRA10210.0.0.1Vlan400
224.0.0.0/4Direct000.0.0.0NULL0
224.0.0.0/24Direct000.0.0.0NULL0
255.255.255.255/32Direct00127.0.0.1InLoop0
[SW2]
[SW2]disiprouting-tablevpn-instancevpn-nrt
Destinations:19Routes:19
Destination/MaskProtoPreCostNextHopInterface
0.0.0.0/32Direct00127.0.0.1InLoop0
1.1.1.1/32O_INTRA10110.0.0.1Vlan500
2.2.2.2/32Direct00127.0.0.1InLoop0
10.0.0.0/30Direct0010.0.0.2Vlan500
10.0.0.0/32Direct0010.0.0.2Vlan500
10.0.0.2/32Direct00127.0.0.1InLoop0
10.0.0.3/32Direct0010.0.0.2Vlan500
127.0.0.0/8Direct00127.0.0.1InLoop0
127.0.0.0/32Direct00127.0.0.1InLoop0
127.0.0.1/32Direct00127.0.0.1InLoop0
127.255.255.255/32Direct00127.0.0.1InLoop0
172.16.10.0/24Direct00172.16.10.1Vlan200
172.16.10.0/32Direct00172.16.10.1Vlan200
172.16.10.1/32Direct00127.0.0.1InLoop0
172.16.10.255/32Direct00172.16.10.1Vlan200
192.168.20.0/24O_INTRA10210.0.0.1Vlan500
224.0.0.0/4Direct000.0.0.0NULL0
224.0.0.0/24Direct000.0.0.0NULL0
255.255.255.255/32Direct00127.0.0.1InLoop0
[SW2]
PC填写相应的IP地址,同VPN实例能互通,不同VPN实例不能互通
同VPN实例能PING通,不同VPN实例不能互通:
至此,多VPN实例OSPF典型组网配置案例已完成!
